www.upload-4ever.com/hvzo42ulbm17/KPortScan%203.0.zip
301 Moved Permanently 0 B URL HTTP/1.1 www.upload-4ever.com/hvzo42ulbm17/KPortScan%203.0.zip
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hvzo42ulbm17/KPortScan%203.0.zip HTTP/1.1
Host: www.upload-4ever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Feb 2023 11:56:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 01 Feb 2023 12:56:56 GMT
Location: https://www.upload-4ever.com/hvzo42ulbm17/KPortScan%203.0.zip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=evAGnRBoqnr7cZKrE9QNGzKtIWkR15xGo%2Bqn7zDrD1s6%2BJ6Vt%2Fr1GwjTruL2mkJUvUGbxmFwgGtLuQSrwe0erMYEAX4xGls1Yv5IqxHGeOeCw9TYP%2B9iMMiZb09DFCN1XIjfQ4CWNA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 792a81b51cc7fac4-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9287
Expires: Wed, 01 Feb 2023 14:31:43 GMT
Date: Wed, 01 Feb 2023 11:56:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3521
Expires: Wed, 01 Feb 2023 12:55:37 GMT
Date: Wed, 01 Feb 2023 11:56:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 11:36:01 GMT
content-type: application/json
age: 1255
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17525
Expires: Wed, 01 Feb 2023 16:49:01 GMT
Date: Wed, 01 Feb 2023 11:56:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ppgNODBaYRhPbtGZtaAy0YqoPd0t8gqwEeLJALr2RCt4/Iv0wOIW6rnF/Gakd7uQufiIMUWzZLQ=
x-amz-request-id: ZV1K8C43J8MW7Z4X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 11:51:33 GMT
age: 323
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash cdf00dc6212d2fc2cdede657692f617f
de07f5693ce5e3e4c47e6cd2f288ec49d1116e85
2bae8714b66863bc7e1d10b29dc22164acc12ccb1d1ce097566c23b7bc366db6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3254
Cache-Control: max-age=154361
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:56 GMT
Etag: "63d9fecb-117"
Expires: Fri, 03 Feb 2023 06:49:37 GMT
Last-Modified: Wed, 01 Feb 2023 05:55:23 GMT
Server: ECS (amb/6B8E)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 11:56:56 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash cdf00dc6212d2fc2cdede657692f617f
de07f5693ce5e3e4c47e6cd2f288ec49d1116e85
2bae8714b66863bc7e1d10b29dc22164acc12ccb1d1ce097566c23b7bc366db6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3255
Cache-Control: max-age=154361
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:57 GMT
Etag: "63d9fecb-117"
Expires: Fri, 03 Feb 2023 06:49:38 GMT
Last-Modified: Wed, 01 Feb 2023 05:55:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 279
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 442 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
Hash 2aa49d39f3e7bf555cf3f35fefd213a1
c7a9d51704e1a2a73870688e6b6ac2e42c09a8b7
18ff51a3a7fd86a1141ee0cf6d56bbf552e0fff1cc27313e960bbac4cad54681
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 11:49:05 GMT
age: 472
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7624bf3ec61cb5845a0d0335a9d13289
9ace55178714a77ad79c47455f71767881da5c7c
b49082b9b9dc2c029c7e4a8e6c285dbc0ed4f79415f72fe51eb618f322484d2b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B49082B9B9DC2C029C7E4A8E6C285DBC0ED4F79415F72FE51EB618F322484D2B"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13454
Expires: Wed, 01 Feb 2023 15:41:11 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7624bf3ec61cb5845a0d0335a9d13289
9ace55178714a77ad79c47455f71767881da5c7c
b49082b9b9dc2c029c7e4a8e6c285dbc0ed4f79415f72fe51eb618f322484d2b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B49082B9B9DC2C029C7E4A8E6C285DBC0ED4F79415F72FE51EB618F322484D2B"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13454
Expires: Wed, 01 Feb 2023 15:41:11 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
200 OK 116 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
IP
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 116 kB (116204 bytes)
Hash 9361e8572e4c8bbfa5e6a8fe2ba4928e
d24f418175d0944fc01752fbc8b170912730b224
fc1e94bf208ad0e0571ddf64db8e685b49ec6aeb44fb48abada456ebbfe6c466
GET /?bvjjd=976112 HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 116204
date: Wed, 01 Feb 2023 11:56:57 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VFrmzG1xj6uBWJ2lLKS0x7rWbEKpUbUlw_tErDTSQ3-GRJwaGLv_iQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3494
Expires: Wed, 01 Feb 2023 12:55:11 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
cagothie.net/tag.min.js
200 OK 24 kB IP
Hash 37343f2102a2b8c040dc6837426e77b6
a6c09378030f19cf7e27915df99419d099f929b0
054d8c459659b897cf4938f3535ee64686765ba1703fd007621a8e27f0b6a000
GET /tag.min.js HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 11:56:57 GMT
content-type: text/javascript; charset=utf-8
content-length: 23495
content-encoding: br
x-trace-id: a94aeec77787e373e0c5da4ad84d9f9d
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 01 Feb 2023 11:02:32 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash ddb627a217b4d9767430e2835c272208
0d57f3a4facd86864cd3cfa5674d4d3c2d907473
bc0915ec07b0c3f00c70a1f5c0c493ccac9ba2d7b8427e8449d855aec1705e08
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BC0915EC07B0C3F00C70A1F5C0C493CCAC9BA2D7B8427E8449D855AEC1705E08"
Last-Modified: Wed, 01 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18492
Expires: Wed, 01 Feb 2023 17:05:09 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
eitfromthe.com/bGwwb1INDlMCbQ1RUkknHgANSmAqSQIpNl0GAgUkWw5GDCEUHVdBMQADRQs0HgNeG3wCCURKYCoeYzkAHDZ0OiMjG1MsEQZcCSsEByFWAhg1OmELJDwEXyMFFgBAIzU2NVUXHyUoXF8/DwQACgc0Pls7JQQ5ehUcOT1cLjwiXWI5FxULRyxjBy5SFhM2LwFaYiILQyYAFTlaLTUqImA3Gw8uYQg5IxR9IQU/OQE7FDYWViciNj1hC2cKLgQhBRVcByc6Dz1VXQMkKXItZTYqWDoVXwBIODs1PVVdAwkoZht3XippKio0CAIXPzs+Rys0NCpRJTouW2otfx8/dSc9Ojt2PhM2XmIuAz0IBSIlGyRoBggUO0kmGgk7ZjUELT4FNQcUO3I8alUrRykGJgVIIgQCIgQ1FBQncjhqBDp2OnQGH18BIlErUgJgKw1aBz0
200 OK 1.2 kB URL HTTP/2 eitfromthe.com/bGwwb1INDlMCbQ1RUkknHgANSmAqSQIpNl0GAgUkWw5GDCEUHVdBMQADRQs0HgNeG3wCCURKYCoeYzkAHDZ0OiMjG1MsEQZcCSsEByFWAhg1OmELJDwEXyMFFgBAIzU2NVUXHyUoXF8/DwQACgc0Pls7JQQ5ehUcOT1cLjwiXWI5FxULRyxjBy5SFhM2LwFaYiILQyYAFTlaLTUqImA3Gw8uYQg5IxR9IQU/OQE7FDYWViciNj1hC2cKLgQhBRVcByc6Dz1VXQMkKXItZTYqWDoVXwBIODs1PVVdAwkoZht3XippKio0CAIXPzs+Rys0NCpRJTouW2otfx8/dSc9Ojt2PhM2XmIuAz0IBSIlGyRoBggUO0kmGgk7ZjUELT4FNQcUO3I8alUrRykGJgVIIgQCIgQ1FBQncjhqBDp2OnQGH18BIlErUgJgKw1aBz0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 97b41c2d6f2e1b12e7ac6f5f2fae7432
291bb70597187c7bc43d22d4312c845c203cc806
6c8e8999d00f53d8bb3ea47c5d37ed55067379094bb501551550d22a6692a80c
GET /bGwwb1INDlMCbQ1RUkknHgANSmAqSQIpNl0GAgUkWw5GDCEUHVdBMQADRQs0HgNeG3wCCURKYCoeYzkAHDZ0OiMjG1MsEQZcCSsEByFWAhg1OmELJDwEXyMFFgBAIzU2NVUXHyUoXF8/DwQACgc0Pls7JQQ5ehUcOT1cLjwiXWI5FxULRyxjBy5SFhM2LwFaYiILQyYAFTlaLTUqImA3Gw8uYQg5IxR9IQU/OQE7FDYWViciNj1hC2cKLgQhBRVcByc6Dz1VXQMkKXItZTYqWDoVXwBIODs1PVVdAwkoZht3XippKio0CAIXPzs+Rys0NCpRJTouW2otfx8/dSc9Ojt2PhM2XmIuAz0IBSIlGyRoBggUO0kmGgk7ZjUELT4FNQcUO3I8alUrRykGJgVIIgQCIgQ1FBQncjhqBDp2OnQGH18BIlErUgJgKw1aBz0 HTTP/1.1
Host: eitfromthe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1189
date: Wed, 01 Feb 2023 11:56:57 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XuuFqxEsmP4I76qmJ5vqr5sjMbRsD4HyjlAz9Rf7TI9wm4lKHMCHVA==
X-Firefox-Spdy: h2
eitfromthe.com/aDBLVmsJUig7VAkNKXAeGlx2c1kuFXkQD1laeTwdX1I9NRgQQSx4CARfPjINGl8lIkUGVT9zWS5BHzsDAn0ONR8qR3oBDixfCRQcWRV5FA4+BRgXMzpfCj4pDnsfYz0mWxoyIjlfGTcqUEEMMVsieRohBjplGm8gBGYfEAIbRgkxOiZpGCUsKXF6ZAopWwMDBRgGHz4xOlUiGyMvZiAkIg9cDBcMLgcZOiY+VBNjKi52ICYgD1MeB1kiCBwXWi1pJS4yPVcJJg0DARo1BiIIHBQ5MnsTPgg6VwYQCllAHwUjLgYfACkRaSUuMi1lET8NO1wYFyMiVxwTRgdmLw5fOHInGxghZXoEDwZmbmQpP2YGFw8GBREEDCIDABcuOmYYEwMtdRIVKjAJEgADXQMqFFoNcRpwARtfJSZWPUQROQkaaAMyGQYJLRQl
200 OK 2.8 kB URL HTTP/2 eitfromthe.com/aDBLVmsJUig7VAkNKXAeGlx2c1kuFXkQD1laeTwdX1I9NRgQQSx4CARfPjINGl8lIkUGVT9zWS5BHzsDAn0ONR8qR3oBDixfCRQcWRV5FA4+BRgXMzpfCj4pDnsfYz0mWxoyIjlfGTcqUEEMMVsieRohBjplGm8gBGYfEAIbRgkxOiZpGCUsKXF6ZAopWwMDBRgGHz4xOlUiGyMvZiAkIg9cDBcMLgcZOiY+VBNjKi52ICYgD1MeB1kiCBwXWi1pJS4yPVcJJg0DARo1BiIIHBQ5MnsTPgg6VwYQCllAHwUjLgYfACkRaSUuMi1lET8NO1wYFyMiVxwTRgdmLw5fOHInGxghZXoEDwZmbmQpP2YGFw8GBREEDCIDABcuOmYYEwMtdRIVKjAJEgADXQMqFFoNcRpwARtfJSZWPUQROQkaaAMyGQYJLRQl
IP
Hash 1bfd418051e33cd1e96de226ee771d81
4736761b07f8fe271eed2ad4ffd5aed790b7f4a5
76640a66406a68234e8b2c5b2a45448b3b95a2df931722501989e18e653a0bf0
GET /aDBLVmsJUig7VAkNKXAeGlx2c1kuFXkQD1laeTwdX1I9NRgQQSx4CARfPjINGl8lIkUGVT9zWS5BHzsDAn0ONR8qR3oBDixfCRQcWRV5FA4+BRgXMzpfCj4pDnsfYz0mWxoyIjlfGTcqUEEMMVsieRohBjplGm8gBGYfEAIbRgkxOiZpGCUsKXF6ZAopWwMDBRgGHz4xOlUiGyMvZiAkIg9cDBcMLgcZOiY+VBNjKi52ICYgD1MeB1kiCBwXWi1pJS4yPVcJJg0DARo1BiIIHBQ5MnsTPgg6VwYQCllAHwUjLgYfACkRaSUuMi1lET8NO1wYFyMiVxwTRgdmLw5fOHInGxghZXoEDwZmbmQpP2YGFw8GBREEDCIDABcuOmYYEwMtdRIVKjAJEgADXQMqFFoNcRpwARtfJSZWPUQROQkaaAMyGQYJLRQl HTTP/1.1
Host: eitfromthe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1179
date: Wed, 01 Feb 2023 11:56:57 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JfE_NUCXq5cpIazbSwNnjTelmQjpkpz_trIkTKv71B9fnbJsOlLNNQ==
X-Firefox-Spdy: h2
eitfromthe.com/ZEgwU3kFKlM+RgV1UnUMFiQNdksibQIVHVUiAjkPUypGMAocOVd9GggnRTcfFideJ1cKLUR2SyI8aj83CxlmAj80CWk9GBwBBhcxHDxlBC8HK2crOCsaQyY2DBJFEi0DeXYXFQcMSCMcIQpDHzQ3IAEbPRc/Z2E3KwRkBjAqDmY9NDUvRwUhJjFyKRovLncROC4wVyYpVTtIEBBUJXM6KCwCcyQqABoANBg1OwgWEAN8czkzKitIGS0CHlg4IwgSBxsAA35xOQ4CBV4VLD0/aWIaMhpaBCEifmY9IwYJAxUsPTAIPDYICl4HIS0fYWE/PQdnGSoAJB0gPQceYjk+DixIBSsuElMEPy0RABUSPiRpYz03ARVhPycQajI7VhJnChUMMGoFIw0caB0SJQxfMjMgAXoYSVUydT8dDhBnahI1C2oFGiVuWiAWCjgNOgAFOlpnNypwcyAzAQY
200 OK 1.2 kB URL HTTP/2 eitfromthe.com/ZEgwU3kFKlM+RgV1UnUMFiQNdksibQIVHVUiAjkPUypGMAocOVd9GggnRTcfFideJ1cKLUR2SyI8aj83CxlmAj80CWk9GBwBBhcxHDxlBC8HK2crOCsaQyY2DBJFEi0DeXYXFQcMSCMcIQpDHzQ3IAEbPRc/Z2E3KwRkBjAqDmY9NDUvRwUhJjFyKRovLncROC4wVyYpVTtIEBBUJXM6KCwCcyQqABoANBg1OwgWEAN8czkzKitIGS0CHlg4IwgSBxsAA35xOQ4CBV4VLD0/aWIaMhpaBCEifmY9IwYJAxUsPTAIPDYICl4HIS0fYWE/PQdnGSoAJB0gPQceYjk+DixIBSsuElMEPy0RABUSPiRpYz03ARVhPycQajI7VhJnChUMMGoFIw0caB0SJQxfMjMgAXoYSVUydT8dDhBnahI1C2oFGiVuWiAWCjgNOgAFOlpnNypwcyAzAQY
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3047), with no line terminators
Hash 276604b9f4888931cbe02dc8784cc82e
edc2810d4185b205a16783075954d92aba52ee3f
6608d3d969f43f95f5dc97096d1c6544ab62e891e4babda32d1fce7688b0270a
GET /ZEgwU3kFKlM+RgV1UnUMFiQNdksibQIVHVUiAjkPUypGMAocOVd9GggnRTcfFideJ1cKLUR2SyI8aj83CxlmAj80CWk9GBwBBhcxHDxlBC8HK2crOCsaQyY2DBJFEi0DeXYXFQcMSCMcIQpDHzQ3IAEbPRc/Z2E3KwRkBjAqDmY9NDUvRwUhJjFyKRovLncROC4wVyYpVTtIEBBUJXM6KCwCcyQqABoANBg1OwgWEAN8czkzKitIGS0CHlg4IwgSBxsAA35xOQ4CBV4VLD0/aWIaMhpaBCEifmY9IwYJAxUsPTAIPDYICl4HIS0fYWE/PQdnGSoAJB0gPQceYjk+DixIBSsuElMEPy0RABUSPiRpYz03ARVhPycQajI7VhJnChUMMGoFIw0caB0SJQxfMjMgAXoYSVUydT8dDhBnahI1C2oFGiVuWiAWCjgNOgAFOlpnNypwcyAzAQY HTTP/1.1
Host: eitfromthe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 1196
date: Wed, 01 Feb 2023 11:56:57 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: co7p5_bOIysrNu0cDxEqInVEx8qLIeeOLtFBEq1lDkw1fK0mIyj-7Q==
X-Firefox-Spdy: h2
dlmewheniyv.xyz/TXFEOVViTidKaC4LFmAGJxUPezgLVHZ7F30eB1gNKjYWeBRrBS1daHRGcghkf1c0UDFwQGJKISwFMUpofFctVzMiTGJPaHxfdw17fkBqC3M4THUfIT0QIwRkawEwTTlwQHIOYH9Edg9mdUh2Cg
204 No Content 0 B URL HTTP/2 dlmewheniyv.xyz/TXFEOVViTidKaC4LFmAGJxUPezgLVHZ7F30eB1gNKjYWeBRrBS1daHRGcghkf1c0UDFwQGJKISwFMUpofFctVzMiTGJPaHxfdw17fkBqC3M4THUfIT0QIwRkawEwTTlwQHIOYH9Edg9mdUh2Cg
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /TXFEOVViTidKaC4LFmAGJxUPezgLVHZ7F30eB1gNKjYWeBRrBS1daHRGcghkf1c0UDFwQGJKISwFMUpofFctVzMiTGJPaHxfdw17fkBqC3M4THUfIT0QIwRkawEwTTlwQHIOYH9Edg9mdUh2Cg HTTP/1.1
Host: dlmewheniyv.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 11:56:57 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mI%2FgXjrH3HSKYpmwn8qt1Af88ugWr7iEcTJGBIEWrDvfwG1gxrtEIrtKNjTyxmtYf81eztTV0RsbkOEQ9Erneb96HBwc8bitx7iW0ouNfOI1kRRyP30R59u5lrQ4OpbnV48%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792a81bcadf2b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dlmewheniyv.xyz/ZXRJSTBKSyo6DStFDwZTVD0BKHg/OBAuBQkSDAddJDMPemEkUj0gVFhNfn8BVEdvOVkBSXhxFhYAKD1FFkl4b1kLEiZ0FhNJeGcAS0ZnexYQSXhvRBUVLnQBQwQ9PVxYRX9+BVdBe38DXU18eQ
204 No Content 22 kB URL HTTP/2 dlmewheniyv.xyz/ZXRJSTBKSyo6DStFDwZTVD0BKHg/OBAuBQkSDAddJDMPemEkUj0gVFhNfn8BVEdvOVkBSXhxFhYAKD1FFkl4b1kLEiZ0FhNJeGcAS0ZnexYQSXhvRBUVLnQBQwQ9PVxYRX9+BVdBe38DXU18eQ
IP
Hash c50fee1da28487694ad47008114632f8
2d7a826dcd4229a986a2e0e76d29e2ebe7f01b2d
ee165a2187dee74a5285e0a39b85c955ca2830627f0a77a3e3af07bef76572b0
Analyzer Verdict Alert quad9 Sinkholed
GET /ZXRJSTBKSyo6DStFDwZTVD0BKHg/OBAuBQkSDAddJDMPemEkUj0gVFhNfn8BVEdvOVkBSXhxFhYAKD1FFkl4b1kLEiZ0FhNJeGcAS0ZnexYQSXhvRBUVLnQBQwQ9PVxYRX9+BVdBe38DXU18eQ HTTP/1.1
Host: dlmewheniyv.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 11:56:57 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35kj75bQ8bMjbqvb5bAMu9IIU48Wtac3w7Y1FfbldREOVhEMF3saguACFLZCZHgUV17R0LWLpsEAZZbr%2BcH4Pl7WJ5Wd6wfxdcf7KNQFBZDUf8o9fbYonAtq6UCiMZpixPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792a81bcadf3b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dlmewheniyv.xyz/b1BaTllAbzk9ZDgHKjQLBRIqGWk1dWgMGChhAB03Lhk4fxMqNC0Dfxs5PnNgWGZufmFJIDMqZF52KTo4GyUpc2hJOTQoNlJ2LHNoQWNuYGpefmhoLFJhfDopDjdnf38fJC4iZF5mbXtrWmJsfWFWZmw
204 No Content 0 B URL HTTP/2 dlmewheniyv.xyz/b1BaTllAbzk9ZDgHKjQLBRIqGWk1dWgMGChhAB03Lhk4fxMqNC0Dfxs5PnNgWGZufmFJIDMqZF52KTo4GyUpc2hJOTQoNlJ2LHNoQWNuYGpefmhoLFJhfDopDjdnf38fJC4iZF5mbXtrWmJsfWFWZmw
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /b1BaTllAbzk9ZDgHKjQLBRIqGWk1dWgMGChhAB03Lhk4fxMqNC0Dfxs5PnNgWGZufmFJIDMqZF52KTo4GyUpc2hJOTQoNlJ2LHNoQWNuYGpefmhoLFJhfDopDjdnf38fJC4iZF5mbXtrWmJsfWFWZmw HTTP/1.1
Host: dlmewheniyv.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 11:56:57 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IPCDjXusegrYOVz0WA9j7h9ICUY3ApHzt4UeEKZjZ%2B%2FeE1kIa8Mm9WFcK7molloLFnu5SCjKYk%2FrzFFIqnQY%2FKchBQdQr5nO4byCJ%2BxedobAYthByzR1XouxZFNk30rH7hM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792a81bcbdffb51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 346 B IP
ASN #20940 Akamai International B.V.
Hash ddb627a217b4d9767430e2835c272208
0d57f3a4facd86864cd3cfa5674d4d3c2d907473
bc0915ec07b0c3f00c70a1f5c0c493ccac9ba2d7b8427e8449d855aec1705e08
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "BC0915EC07B0C3F00C70A1F5C0C493CCAC9BA2D7B8427E8449D855AEC1705E08"
Last-Modified: Wed, 01 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18492
Expires: Wed, 01 Feb 2023 17:05:09 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4jVOltJFxTXHEfslkK+V2Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: k9dt1smGtGViEHjOkUTGmwPpqC8=
ocsp.digicert.com/
200 OK 471 B IP
Hash 717cf52cfdc9e790ae36f7a4e1d19d16
03b71415f75565d67d059f1046fa363be72245e5
f76f4406c8796751e4b51ecff884ff3b3ea2bff4c60b6a8941d68b31951b4541
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3214
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:57 GMT
Last-Modified: Wed, 01 Feb 2023 11:03:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 74fb517f26359326e41f69c0c1826bd1
693f1fb0a1147db8e73c59700630c3da71b1a1ba
9fd11f32aefbb6191356ef10775629a52e420bbce09f95b363f8ef30479c37b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 74fb517f26359326e41f69c0c1826bd1
693f1fb0a1147db8e73c59700630c3da71b1a1ba
9fd11f32aefbb6191356ef10775629a52e420bbce09f95b363f8ef30479c37b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dfac8e75ce3a7274894c1f4215714ec1
3af98f892a055dc1e76d603cd0be26791cec7a5a
d71a3ab89665ed999c87ef950fa828e0621fc0c80e20e2596a30ec5e26f53733
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D71A3AB89665ED999C87EF950FA828E0621FC0C80E20E2596A30EC5E26F53733"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5537
Expires: Wed, 01 Feb 2023 13:29:14 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dfac8e75ce3a7274894c1f4215714ec1
3af98f892a055dc1e76d603cd0be26791cec7a5a
d71a3ab89665ed999c87ef950fa828e0621fc0c80e20e2596a30ec5e26f53733
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D71A3AB89665ED999C87EF950FA828E0621FC0C80E20E2596A30EC5E26F53733"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5537
Expires: Wed, 01 Feb 2023 13:29:14 GMT
Date: Wed, 01 Feb 2023 11:56:57 GMT
Connection: keep-alive
ssl.google-analytics.com/ga.js
200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Wed, 01 Feb 2023 10:18:35 GMT
expires: Wed, 01 Feb 2023 12:18:35 GMT
cache-control: public, max-age=7200
age: 5902
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
eitfromthe.com/utx?cb=76c8foQGBIP0&top=www.upload-4ever.com&tid=976408
204 No Content 0 B URL HTTP/2 eitfromthe.com/utx?cb=76c8foQGBIP0&top=www.upload-4ever.com&tid=976408
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=76c8foQGBIP0&top=www.upload-4ever.com&tid=976408 HTTP/1.1
Host: eitfromthe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 11:56:57 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 01 Feb 2023 11:57:57 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xMm-6kqdkpy8CWZLllWFU3ZU4_GQYbJfeNeZbF2cgaqr2636f3nflw==
X-Firefox-Spdy: h2
eitfromthe.com/utx?cb=EDlAR5zTEIRC&top=www.upload-4ever.com&tid=976112
204 No Content 0 B URL HTTP/2 eitfromthe.com/utx?cb=EDlAR5zTEIRC&top=www.upload-4ever.com&tid=976112
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=EDlAR5zTEIRC&top=www.upload-4ever.com&tid=976112 HTTP/1.1
Host: eitfromthe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Wed, 01 Feb 2023 11:56:57 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Wed, 01 Feb 2023 11:57:57 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sRdTi2XYy7QbIjsLh7bLhEksm4oxlbtMQ2gd6l8KVKmhX8gseDv7VQ==
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
200 OK 66 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
File type ASCII text, with very long lines (38742), with no line terminators
Hash c1165bc7712506696168ed753d28cb5e
e8692cae8ec8f92195f6fb8a2fd19a7cc4806a07
9dde952ae2c028b38e4081a5905c93bc2e388805cb9610856e913de7610cd283
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 01 Feb 2023 11:56:57 GMT
expires: Wed, 01 Feb 2023 11:56:57 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 11360993774179054523
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49830
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (379)
Hash fc187bbb1d7c710a38f91ccf64f3bc02
b29e221019823327de2120cfd21690be286f1ae5
b878ecb57693c6824c7c53b35c6d846f473819773ae771bbe75bd3b7b73faf74
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Feb 2023 11:56:58 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-1274410452%3A1675252618008929&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHdYP8FRjXlxwFn10CDX5XI-ow6neXlmXhPslx821fPKEFqDmW51TGv7BdYe07lMcMZPRRON
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-XsY_tVjO3lZVTMA3jbNp9A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:-rJH4RVvvxHyWzSTg--xse7OBGRPMw:J2d1VpWVHZSRjmmX;Path=/;Expires=Fri, 31-Jan-2025 11:56:57 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1j2jv7bvcsxqg.cloudfront.net/tZlNoQVQFPAYnaxI6DHxtUWVccWxAORsuOhZuATg1FDlcDxpeEBsLMSh1HDswW2NOLTUINFVnMQgwVXByBzcKfGBAJxguP1sxCi0mCiQHJCwSdR0gaQs8Eig4CjJNcxJTfVhkZlZ7Hyg6AjwfMnFUYwY1cVRjWXF6VnZbA3FUYx8oOlBnTXIWQ2FYOWJSdl-sDcVRjGjdxVRJZcWFIY0FkZlY0DSI/CXZaB2ZWYlhxZVZiTXNkADoaJDIJK01zEldjXW9kQCZVcA
200 OK 559 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/tZlNoQVQFPAYnaxI6DHxtUWVccWxAORsuOhZuATg1FDlcDxpeEBsLMSh1HDswW2NOLTUINFVnMQgwVXByBzcKfGBAJxguP1sxCi0mCiQHJCwSdR0gaQs8Eig4CjJNcxJTfVhkZlZ7Hyg6AjwfMnFUYwY1cVRjWXF6VnZbA3FUYx8oOlBnTXIWQ2FYOWJSdl-sDcVRjGjdxVRJZcWFIY0FkZlY0DSI/CXZaB2ZWYlhxZVZiTXNkADoaJDIJK01zEldjXW9kQCZVcA
IP
File type ASCII text, with very long lines (794), with no line terminators
Hash 67ee4ae2b7ffe0b10e3f71424203a007
1db1f0883bed2968c1f56d865c030e6180243101
931f53108135d6b93b118c5a354fc907940dff108409a0257483d0d73852f893
GET /tZlNoQVQFPAYnaxI6DHxtUWVccWxAORsuOhZuATg1FDlcDxpeEBsLMSh1HDswW2NOLTUINFVnMQgwVXByBzcKfGBAJxguP1sxCi0mCiQHJCwSdR0gaQs8Eig4CjJNcxJTfVhkZlZ7Hyg6AjwfMnFUYwY1cVRjWXF6VnZbA3FUYx8oOlBnTXIWQ2FYOWJSdl-sDcVRjGjdxVRJZcWFIY0FkZlY0DSI/CXZaB2ZWYlhxZVZiTXNkADoaJDIJK01zEldjXW9kQCZVcA HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eitfromthe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 559
date: Wed, 01 Feb 2023 11:56:58 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hmIiuJtLbpc5vM4g-Pi1_JBaeNJGSCQCeG6EFaFD-wYC3pDoMgUwVg==
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 394 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (382)
Hash a1d69afbecd00809f552fea2f7909d72
c3c3099ee3391b574a7408fcfbff99adaec09004
72064cf1fd634f0272c301c4faf3bc0f7d16a1102ab566cf9dbe77195c56d555
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 01 Feb 2023 11:56:58 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S1124210751%3A1675252618053768&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=AWnogHeD6TrhHYpAm4jnZRMVyLIWRsUQZLLACPyfZ0m9ArQX3-zER8cqvLcf-yqxbprH8fM-8Wyx
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-bneoQPS3hqElDAzGFf3BIQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 394
server: GSE
set-cookie: __Host-GAPS=1:cz6S_NwvTTj4CCYyCwvEXkWcOHOmYA:GU9_wCHW-Gj3irpT;Path=/;Expires=Fri, 31-Jan-2025 11:56:58 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d1j2jv7bvcsxqg.cloudfront.net/rSVRpZDUqOwcCCj09DVkMfmJYVQdvPhoLWzlpLgZYexMIDl0mch0eUXRkTwhUJzNUQlAnN1RVEygwC1kBbyAZC150NgsIRyUjBgFNPXIcBQgkOxMNWSU1TFZzfHpZQQd5fB4NWy07HhcQe2QHEBB7ZFhUG3lxWiYQe2QeDVt/YExXd2xmWRwDfXFaJhB7ZB-sSEHoVWFQAZ2RAQQd5MwwHXiZxWyIHeWVZVAR5ZUxWBS89GwFTJixMVnN4ZFxKBW8hVFU
200 OK 498 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/rSVRpZDUqOwcCCj09DVkMfmJYVQdvPhoLWzlpLgZYexMIDl0mch0eUXRkTwhUJzNUQlAnN1RVEygwC1kBbyAZC150NgsIRyUjBgFNPXIcBQgkOxMNWSU1TFZzfHpZQQd5fB4NWy07HhcQe2QHEBB7ZFhUG3lxWiYQe2QeDVt/YExXd2xmWRwDfXFaJhB7ZB-sSEHoVWFQAZ2RAQQd5MwwHXiZxWyIHeWVZVAR5ZUxWBS89GwFTJixMVnN4ZFxKBW8hVFU
IP
File type ASCII text, with very long lines (673), with no line terminators
Hash 932a52c7c75969755c65a4f4a6b4846b
7fa2283b8e353b42df18129859ac2a5f702516ec
f139c304a452e5e1638ff1ad6cdfe4708262edff6405ad92b0374132b4bf12f8
GET /rSVRpZDUqOwcCCj09DVkMfmJYVQdvPhoLWzlpLgZYexMIDl0mch0eUXRkTwhUJzNUQlAnN1RVEygwC1kBbyAZC150NgsIRyUjBgFNPXIcBQgkOxMNWSU1TFZzfHpZQQd5fB4NWy07HhcQe2QHEBB7ZFhUG3lxWiYQe2QeDVt/YExXd2xmWRwDfXFaJhB7ZB-sSEHoVWFQAZ2RAQQd5MwwHXiZxWyIHeWVZVAR5ZUxWBS89GwFTJixMVnN4ZFxKBW8hVFU HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eitfromthe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 498
date: Wed, 01 Feb 2023 11:56:58 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: O1v-6WNQs1UITaswgoo8_p9eEEGL6kF6a5lQErK1ycaBBHDiYXCjMg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e0bc98d03057dabba1334b62bea0975b
b358a8123908fe4b1c94a1273cac45c4e23b212e
10ef320ba825ca0e17d039b66fd2f321f4d2c687a8734d226fa25e9b45e109d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 471 B IP
Hash 717cf52cfdc9e790ae36f7a4e1d19d16
03b71415f75565d67d059f1046fa363be72245e5
f76f4406c8796751e4b51ecff884ff3b3ea2bff4c60b6a8941d68b31951b4541
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:58 GMT
Last-Modified: Wed, 01 Feb 2023 11:03:23 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
200 OK 345 B IP
ASN #20940 Akamai International B.V.
Hash dfac8e75ce3a7274894c1f4215714ec1
3af98f892a055dc1e76d603cd0be26791cec7a5a
d71a3ab89665ed999c87ef950fa828e0621fc0c80e20e2596a30ec5e26f53733
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "D71A3AB89665ED999C87EF950FA828E0621FC0C80E20E2596A30EC5E26F53733"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5536
Expires: Wed, 01 Feb 2023 13:29:14 GMT
Date: Wed, 01 Feb 2023 11:56:58 GMT
Connection: keep-alive
d1j2jv7bvcsxqg.cloudfront.net/qTmhjMEctBw1WeDoBBw1+eV5SAXRoAhBfKT5VNkQdIQoRaA8qGg0JIQwmRUQ9KlVTFisvBgQNYSsGAA12aAkHUnp6ThZReiMHGVkrIglGAgF7RlMVdX5AFFkpKgcUQ2J8WA1EYnxYUgBpfk1QcmJ8WBRZKXhcRgMFa1pTSHF6TVByYnxYEUZifSlSAHJgWE-oVdX4PBlMsIU1RdnV+WVMAdn5ZRgJ3KAERVSEhEEYCAX9YVh53aB1eAQ
200 OK 187 B URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/qTmhjMEctBw1WeDoBBw1+eV5SAXRoAhBfKT5VNkQdIQoRaA8qGg0JIQwmRUQ9KlVTFisvBgQNYSsGAA12aAkHUnp6ThZReiMHGVkrIglGAgF7RlMVdX5AFFkpKgcUQ2J8WA1EYnxYUgBpfk1QcmJ8WBRZKXhcRgMFa1pTSHF6TVByYnxYEUZifSlSAHJgWE-oVdX4PBlMsIU1RdnV+WVMAdn5ZRgJ3KAERVSEhEEYCAX9YVh53aB1eAQ
IP
File type ASCII text, with no line terminators
Hash 7d691c70e9389ca27694dcf28b253891
5ec1c6a944204ec7891a3f7bfb18462e790897ac
c31ee03f3be5dbbd8bc56b33b6204415a83f87fc7429b0cda651fe8fa8fe90d4
GET /qTmhjMEctBw1WeDoBBw1+eV5SAXRoAhBfKT5VNkQdIQoRaA8qGg0JIQwmRUQ9KlVTFisvBgQNYSsGAA12aAkHUnp6ThZReiMHGVkrIglGAgF7RlMVdX5AFFkpKgcUQ2J8WA1EYnxYUgBpfk1QcmJ8WBRZKXhcRgMFa1pTSHF6TVByYnxYEUZifSlSAHJgWE-oVdX4PBlMsIU1RdnV+WVMAdn5ZRgJ3KAERVSEhEEYCAX9YVh53aB1eAQ HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eitfromthe.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 187
date: Wed, 01 Feb 2023 11:56:58 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fBxvsPelLihduV6SCQFOK62A9-H26VL3NwLHz4iVICVbpXAv24dTrQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6b21f87e54b10ba719e15dc390c48701
7da5a76ac948ba52b23e19b4d857efddef75313e
178a5d6a627ac741af8a057c542d308bdc88802d07f1aeb41af37ff997cd90df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "178A5D6A627AC741AF8A057C542D308BDC88802D07F1AEB41AF37FF997CD90DF"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11779
Expires: Wed, 01 Feb 2023 15:13:17 GMT
Date: Wed, 01 Feb 2023 11:56:58 GMT
Connection: keep-alive
googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html
200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20230125/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Tue, 31 Jan 2023 18:55:48 GMT
expires: Tue, 14 Feb 2023 18:55:48 GMT
cache-control: public, max-age=1209600
age: 61270
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=237dc00c5b5d46fa84799a864f0351c6
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=237dc00c5b5d46fa84799a864f0351c6
IP
File type JSON data\012- , ASCII text
Hash fe4a226215eb898c9ae77f9b81d815b6
02ad69961d3b67c2126880109c0507edf25c7c31
0b7b40019405c2a941212df0a8037c040411c606bf0b92edcf2c2574b779658e
GET /gid.js?userId=237dc00c5b5d46fa84799a864f0351c6 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 11:56:58 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=237dc00c5b5d46fa84799a864f0351c6; expires=Thu, 01 Feb 2024 11:56:58 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255
302 Found 366 B URL HTTP/2 stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 87b5e8d00498cb0a675f62eeb85e6935
b7821e610e5aa4b29f0f2b2eccb98252c80dda88
96850b63e7ab8a6f06c648077499fa11b2338ab1ad55bb65d5497dbfacde28e8
GET /r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255
access-control-allow-origin: *
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Feb 2023 11:56:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: Golfe2
content-length: 366
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
200 OK 116 kB URL HTTP/2 d1j2jv7bvcsxqg.cloudfront.net/?bvjjd=976112
IP
File type Unicode text, UTF-8 text, with very long lines (15948)
Size 116 kB (116206 bytes)
Hash ce1c1c72103f3d9668b003a506a86f67
462972b41627d05dc93a49e0e84b0457e8555f4f
66330ae9557484fab108bb92418f0987bf028386ae2fb28e6f619ae0a5813e47
GET /?bvjjd=976112 HTTP/1.1
Host: d1j2jv7bvcsxqg.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 116206
date: Wed, 01 Feb 2023 11:56:58 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.upload-4ever.com
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vycyPdyQZ70lvz4-XiCjr2QcgoxFxeSq15UjzYbWUXCi8pYG0pn9hg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash a327176edf538c07784f9b0da660c22d
4a56cfcac291dfe1cc177bd3eff976f106731834
aae92a95f747be0bca6982ed7e3e58af8ac74ff69c799b55046ab38474e149dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 11:56:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255
302 Found 0 B URL HTTP/2 www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:56:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255&slf_rd=1&random=3467493196
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cagothie.net/?rb=teHovqAGTh83mCzM25lbr1nTqU0Qu5JVRwUo_aEpgzC2W7ItD0FdSolh9supHkYZxPVAddZarRr4lDrWbv9ydH7GqTLSI4xeyqZAroQA-gJ2IyZtROLvqyP_34DEAUkL-Q8RRQWeiu8yY9wzvZfEs2_MzS7XAtyUVe70Ie-2AKDK2yKRmoTiQ6GMnMdPgK6k6HErjfHaeEDY1TP-Mg8ODvaHSpPcneoKbFiybuWy090osTDl&request_ab2=0&zoneid=2726715&js_build=iclick-v1.478.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fwww.upload-4ever.com%2Fhvzo42ulbm17%2FKPortScan%25203.0.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.478.0&bs=ab6ef854-93ac-4b1a-9951-1d8e6bd1f351&userId=237dc00c5b5d46fa84799a864f0351c6&m=link
200 OK 2.2 kB URL HTTP/2 cagothie.net/?rb=teHovqAGTh83mCzM25lbr1nTqU0Qu5JVRwUo_aEpgzC2W7ItD0FdSolh9supHkYZxPVAddZarRr4lDrWbv9ydH7GqTLSI4xeyqZAroQA-gJ2IyZtROLvqyP_34DEAUkL-Q8RRQWeiu8yY9wzvZfEs2_MzS7XAtyUVe70Ie-2AKDK2yKRmoTiQ6GMnMdPgK6k6HErjfHaeEDY1TP-Mg8ODvaHSpPcneoKbFiybuWy090osTDl&request_ab2=0&zoneid=2726715&js_build=iclick-v1.478.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fwww.upload-4ever.com%2Fhvzo42ulbm17%2FKPortScan%25203.0.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.478.0&bs=ab6ef854-93ac-4b1a-9951-1d8e6bd1f351&userId=237dc00c5b5d46fa84799a864f0351c6&m=link
IP
Hash f05051b9d4234b23cc9d854443d48942
97d6a7d22f330515510f394f3e7501b5d239dbec
4dbb3207375fb4ded7490e5e47185a2e8f8982c740a7441271ce52c78020bac2
GET /?rb=teHovqAGTh83mCzM25lbr1nTqU0Qu5JVRwUo_aEpgzC2W7ItD0FdSolh9supHkYZxPVAddZarRr4lDrWbv9ydH7GqTLSI4xeyqZAroQA-gJ2IyZtROLvqyP_34DEAUkL-Q8RRQWeiu8yY9wzvZfEs2_MzS7XAtyUVe70Ie-2AKDK2yKRmoTiQ6GMnMdPgK6k6HErjfHaeEDY1TP-Mg8ODvaHSpPcneoKbFiybuWy090osTDl&request_ab2=0&zoneid=2726715&js_build=iclick-v1.478.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=5&pl=https%3A%2F%2Fwww.upload-4ever.com%2Fhvzo42ulbm17%2FKPortScan%25203.0.zip&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.478.0&bs=ab6ef854-93ac-4b1a-9951-1d8e6bd1f351&userId=237dc00c5b5d46fa84799a864f0351c6&m=link HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Cookie: OAID=237dc00c5b5d46fa84799a864f0351c6; oaidts=1675252617
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 11:56:58 GMT
content-type: application/json
x-trace-id: c45a838178fb7725ba4e0e256ff03ac5
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=237dc00c5b5d46fa84799a864f0351c6; expires=Thu, 01 Feb 2024 11:56:58 GMT; path=/; secure; SameSite=None
oaidts=1675252618; expires=Thu, 01 Feb 2024 11:56:58 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 08 Feb 2023 11:56:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255&slf_rd=1&random=3467493196
200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255&slf_rd=1&random=3467493196
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-70364639-8&cid=88781945.1675252639&jid=1234301503&_v=5.7.2&z=301296255&slf_rd=1&random=3467493196 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 11:56:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
200 OK 18 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
Hash 58c74d2dfbb3873263c575be94524c95
077f80a9a9bbbdae0c52fdae8225c589cf8f53b7
94342953735912eb9f1475f0f996fb35d6fecfc03f31381020627f6c8d179641
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 5rUvull4TsivUqnePtwzhmuwxC8lz1w3tx3fiqlhXvP9EbIvrk1qyXJRpa1/8/+3H/HxaFkoYQ2pCoxH6wh+3Q==
date: Wed, 01 Feb 2023 11:56:58 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9192
Expires: Wed, 01 Feb 2023 14:30:11 GMT
Date: Wed, 01 Feb 2023 11:56:59 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9192
Expires: Wed, 01 Feb 2023 14:30:11 GMT
Date: Wed, 01 Feb 2023 11:56:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:53:10 GMT
age: 14629
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d72f205-6434-46dc-85c2-d0bf41653e1f.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d72f205-6434-46dc-85c2-d0bf41653e1f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6544847aa1270cea1c780e4ee562f2a2
7be75a9f2e5f9e945f60a20a5da70849ad32f72d
d820b25b833d644358c0d9d5a3dc05817770095c06a098a6fc8ed9b7230c80e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d72f205-6434-46dc-85c2-d0bf41653e1f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8415
x-amzn-requestid: 0d44aaae-d472-410f-9438-7527da366b10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffCuGHRqoAMFxeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e4c0-7e7330ab2de5c1ba3e87df4b;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:15:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zPgCVRUn1Y1HukfmbqB_Pl8L9lNUQfaFWMcIYh-vFn_Z8pM9MFsOhw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 06:38:24 GMT
age: 19115
etag: "7be75a9f2e5f9e945f60a20a5da70849ad32f72d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb48b6dde-a831-4a2a-91f4-75df52be0b31.jpeg
200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb48b6dde-a831-4a2a-91f4-75df52be0b31.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d2189ff7eee65e0fde9be79c994b1d1e
c82caabf73415755643b9ab874364162e798f58c
f0d08ab954f728a73a30d22c874019789d55b64a6160d5dafe4d08249f2e9ed4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb48b6dde-a831-4a2a-91f4-75df52be0b31.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6773
x-amzn-requestid: b3b6b388-dd50-4a4d-83e0-219b0d285f4c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foee_GcdoAMFRWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9aac6-286883827020ff9a1412030c;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 23:56:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 59jJ-7FGO_UqZi7pUGx6h9imXp1a5bOeAbKFkDQBC91qQ2lnyyl11w==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 00:18:23 GMT
etag: "c82caabf73415755643b9ab874364162e798f58c"
content-type: image/jpeg
age: 41916
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hjIm9dNf6UE9rpIlKWeLwWuF7Pm6yJeAZgbwchvJcuDy-zkXEr502w==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:51:18 GMT
age: 50741
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
File type gzip compressed data, max compression\012- data
Hash 91f09f4bd5ac5c5a14f0c09a76516dc5
4d2759c347f6629196eab9cfb6985057f37041bd
5cd919796fadb174bc57d3abef2b778be615f9ef7bb3bf27bdee32aa80e35ad3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 22:03:43 GMT
age: 49996
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57810a89-c2fa-4da6-8c38-d7ab4682343c.jpeg
200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57810a89-c2fa-4da6-8c38-d7ab4682343c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23fba3309226071f6f44081c3a92bc0b
21119ea71d26ab157ec491f9cf68918d63310fb4
b29c1f3f6966e08bd3954275c8d2a3ae44a352b41e5d3f04203b55f65708fafc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F57810a89-c2fa-4da6-8c38-d7ab4682343c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4588
x-amzn-requestid: 1d726cce-35c6-42d7-a592-8f22f1bd310a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJr4GXvoAMFXvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcb2-71af755c24ba2e9a39f17451;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:01:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DzgQlPECoiRf-pZjVVk-EsjIl0kVj0b-BfiWBgUEFamma1pYDUMP6A==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:10:48 GMT
age: 17171
etag: "21119ea71d26ab157ec491f9cf68918d63310fb4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cagothie.net/5/2726715/?oo=1&aab=1
200 OK 0 B URL HTTP/2 cagothie.net/5/2726715/?oo=1&aab=1
IP
GET /5/2726715/?oo=1&aab=1 HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.upload-4ever.com
Connection: keep-alive
Referer: https://www.upload-4ever.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 11:56:57 GMT
content-type: application/json
x-trace-id: a340df9a72dfc73e586d9391bacf4f39
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=237dc00c5b5d46fa84799a864f0351c6; expires=Thu, 01 Feb 2024 11:56:57 GMT; path=/; secure; SameSite=None
oaidts=1675252617; expires=Thu, 01 Feb 2024 11:56:57 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 01 Feb 2023 11:56:58 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1420
last-modified: Wed, 01 Feb 2023 11:33:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eETta9pFlTqomQjbcwULximJIEnGvuv4ux%2Fd%2BDQUAqEOTnNyw7yHR9whq%2FQdEM%2F%2BJzgkSy84XJBcJFLRDb3ot4bZi3itpvs6UNjaWK18n4WnPbqlp%2FW9bIOT2Nr0rGfP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792a81be9b8e768f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.upload-4ever.com/
Origin: https://www.upload-4ever.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 01 Feb 2023 11:56:58 GMT
content-type: text/plain
set-cookie: csu=1955751104570181@1@1675252618; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www.upload-4ever.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Fy5ofbcyBGfF48wZOyMqnUIleQBXPBcHilzO8xYluyPTwUNDs9M53qsihfZgRsJ9G7Z3jF4TYZMQcx0vrWYsvgdcKIiYn6b5wkNFsccv8K9RNkeGAoZ83qhicdBhuhQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792a81be9b89768f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.upload-4ever.com/hvzo42ulbm17/KPortScan%203.0.zip
200 OK 0 B URL HTTP/2 www.upload-4ever.com/hvzo42ulbm17/KPortScan%203.0.zip
IP
GET /hvzo42ulbm17/KPortScan%203.0.zip HTTP/1.1
Host: www.upload-4ever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 01 Feb 2023 11:56:57 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=0;includeSubDomains;
expires: Tue, 31 Jan 2023 11:56:56 GMT
cf-cache-status: BYPASS
set-cookie: aff=1190184; domain=.upload-4ever.com; path=/; expires=Wed, 15-Feb-2023 11:56:56 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WovAGDG3s8GhAKFy3KF0ViZ%2BbMZQNs7SyxD8ZQPgRJ6YWqIiFFVxW9NHGg6jAXudrG%2BDfVTTkAh9dYAyYOhwzsAMoKFIYwjjnCb1%2FWsgVijXrLgk31QSNzd0fnliJCe1CekoVwlIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792a81b77c3d0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.152.107
23.36.76.226
104.21.12.131
139.45.197.238
157.240.205.35